Changes the password for an existing Cirro user.

Syntax

ALTER USER 'username' [LIKE 'sourceuser'] IDENTIFIED BY ['password' | NONE ] AUTHENTICATED BY method [OPTIONS] EMAIL 'user@domain.com' [WITHOUT DATABASE CREDENTIALS | ROLES | PRIVILEGES ] VALID (FROM | BETWEEN | UNTIL ) 'YYYY-MM-DD HH:MM:SS' ( AND 'YYYY-MM-DD HH:MM:SS') WITH TIME ZONE 'timezone'

Arguments

  • 'userName' - The name for the user account. Enclose in single quotes. userName is a case-sensitive VARCHAR(128) that complies with SQL username requirements and therefore does not include spaces or special characters.

  • LIKE - Duplicates the roles and privileges of 'sourceuser' in the 'targetuser' account. Requires the COPY USER privilege. If used, this must precede any other commands.

  • IDENTIFIED BY -

    • 'password' - Sets the password used to access the account. Always enclose the password in single quotes.

    • NONE - revokes any existing password on the specified user account.

  • EMAIL 'username@domain.com' - The email address for the user account. Cirro sends a message to this user containing any of: the password, a one-time-password link to a QR code for Authenticator app setup, or a two-factor authentication link to Duo or Saaspass. Requires SMTP setup in the webapp.

  • AUTHENTICATED BY method - Sets authentication method. Two methods are available:

    • cirrototp (cirro timed one-time-password) is default.

    • yubikey - requires a yubikey account

  • OPTIONS (SECRET 'string') - options for the Cirro timed one-time password. The secret is a 32-character, 160-bit number formatted using base 32. This is generated by Cirro.

  • OPTIONS (USER_ID 'value', SECRET 'secretkeyvalue') - options for Yubikey.

    • USER_ID value - This is the Yubikey PRIVATE ID.

    • SECRET secretkeyvalue - this is the Yubikey SECRET KEY.

  • WITHOUT - exclude any of three options from any LIKE clause.

    • DATABASE CREDENTIALS

    • ROLES

    • PRIVILEGES

  • VALID - All values use the YYYY-MM-DD HH:MM:SS date format. If the time is not specified, it defaults to midnight (00:00:00). All arguments require TIME ZONE.

    • FROM - The start date and time the user account will begin to function.

    • BETWEEN - start and end date and time the user account will function. Uses AND to separate start and end date.

    • UNTIL - The end date and time the user account will stop functioning.

    • TIME ZONE - the time zone your user operates in. Find your time zone.
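
The secret described under OPTIONS (SECRET 'string') is 32 base32 characters, which decode to exactly 20 bytes (160 bits). The following added example (not Cirro code) checks that shape and computes the code an authenticator app would show, assuming the standard RFC 6238 parameters (HMAC-SHA-1, 30-second step, 6 digits), which this page does not state for Cirro; the function names are illustrative.

```python
import base64
import hashlib
import hmac
import re
import secrets
import struct

# 32 base32 characters x 5 bits each = 160 bits (20 bytes), no '=' padding.
SECRET_RE = re.compile(r"[A-Z2-7]{32}")


def is_valid_secret(secret: str) -> bool:
    """True if the string has the 32-character base32 shape described above."""
    return SECRET_RE.fullmatch(secret) is not None


def new_test_secret() -> str:
    """Constructed stand-in for a Cirro-generated secret: 20 CSPRNG bytes."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def totp(secret: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for the secret (assumed parameters: SHA-1, 30 s, 6 digits)."""
    if not is_valid_secret(secret):
        raise ValueError("secret must be 32 base32 characters (A-Z, 2-7)")
    key = base64.b32decode(secret)                   # 20 raw key bytes
    counter = struct.pack(">Q", unix_time // step)   # 8-byte big-endian step count
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Base32 form of the published RFC 6238 test key "12345678901234567890".
    rfc_key = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(totp(rfc_key, 59))
    print(is_valid_secret(new_test_secret()))
```

The check covers format only; a secret that has appeared in documentation or logs has the right shape and is still unfit for a real account.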

Additional Information

  • In order for a user to have any privileges on any federated systems, these privileges must be added by:

    • ADD AUTHORIZATION - Adding authorization for the user to a user on the remote system. See the ADD AUTHORIZATION command below.

    • GRANT privilege - Granting privileges using the GRANT command.

  • Password requirements may differ per Cirro installation, based on the user security policy set on your installation. Please contact your Cirro administrator for requirements on your system.

  • Yubikey

    • If IDENTIFIED BY was NOT included, touch the Yubikey when prompted for your password.

    • If IDENTIFIED BY was included, enter your password (do not press ENTER/RETURN), then touch your Yubikey to authenticate.

Examples

Set up account with standard password

```sql
ALTER USER 'myUser1' IDENTIFIED BY 'p@sswOrd';
```

Set up account duplicating another with standard password, email address but no privileges

```sql
ALTER USER 'wecoyote' LIKE 'rrunner' EMAIL 'wecoyote@cirro.com' IDENTIFIED BY 'acme' WITHOUT PRIVILEGES
```

Alter a user and add Cirro Timed one-time password

```sql
ALTER USER 'wecoyote' AUTHENTICATED BY cirrototp OPTIONS (SECRET 'HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ');
```


Set up Yubikey as a Cirro-managed one-time password.

```sql
ALTER USER 'cirrouser' AUTHENTICATED BY yubikey OPTIONS (
  USER_ID 'PublicId',
  SECRET 'SecretKey'
)
[ IDENTIFIED BY 'password' ]
```

See also